[compiler-rt] r358207 - [libFuzzer] Make MutateWithMask work when the Mask is shorter than the input.

Thu Apr 11 11:21:53 PDT 2019

Author: dor1s
Date: Thu Apr 11 11:21:53 2019
New Revision: 358207

URL: http://llvm.org/viewvc/llvm-project?rev=358207&view=rev
Log:
[libFuzzer] Make MutateWithMask work when the Mask is shorter than the input.

Summary:
Before this change, MutateWithMask used to assert that Mask should be
of sufficient length (>= Size of the input). However, in real cases we may have
inputs that are longer than the Mask they have inherited from the based inputs.

Reviewers: kcc, morehouse

Reviewed By: kcc

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D60571

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp?rev=358207&r1=358206&r2=358207&view=diff
==============================================================================

--- compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp Thu Apr 11 11:21:53 2019
@@ -529,7 +529,7 @@ size_t MutationDispatcher::MutateImpl(ui
 size_t MutationDispatcher::MutateWithMask(uint8_t *Data, size_t Size,
                                           size_t MaxSize,
                                           const Vector<uint8_t> &Mask) {
-  assert(Size <= Mask.size());
+  size_t MaskedSize = std::min(Size, Mask.size());
   // * Copy the worthy bytes into a temporary array T
   // * Mutate T
   // * Copy T back.
@@ -538,7 +538,7 @@ size_t MutationDispatcher::MutateWithMas
   if (T.size() < Size)
     T.resize(Size);
   size_t OneBits = 0;
-  for (size_t I = 0; I < Size; I++)
+  for (size_t I = 0; I < MaskedSize; I++)
     if (Mask[I])
       T[OneBits++] = Data[I];
 
@@ -548,7 +548,7 @@ size_t MutationDispatcher::MutateWithMas
   assert(NewSize <= OneBits);
   (void)NewSize;
   // Even if NewSize < OneBits we still use all OneBits bytes.
-  for (size_t I = 0, J = 0; I < Size; I++)
+  for (size_t I = 0, J = 0; I < MaskedSize; I++)
     if (Mask[I])
       Data[I] = T[J++];
   return Size;


